rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Do what the rfc says we should do, rather than what the error message

Browse Source 
suggests we're doing.
This commit is contained in:
Nalin Dahyabhai 2007-09-04 16:34:44 +00:00
parent 929680a650
commit 9866e02a96
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
krb5-1.6.2-key_exp.patch
View File

@ -1,13 +1,20 @@
Sadique Puthen notes that the warning on the client side seems to be correspond Sadique Puthen notes that the warning on the client side seems to be correspond
to the wrong attribute on the KDC.... to the wrong attribute on the KDC. Do what RFC4120 says we should do.
--- krb5-1.6.2/src/kdc/do_as_req.c 2007-06-25 15:49:06.000000000 -0400 --- krb5-1.6.2/src/kdc/do_as_req.c 2007-06-25 15:49:06.000000000 -0400
+++ krb5-1.6.2/src/kdc/do_as_req.c 2007-06-25 15:49:08.000000000 -0400 +++ krb5-1.6.2/src/kdc/do_as_req.c 2007-06-25 15:49:08.000000000 -0400
@@ -371,7 +371,7 @@ process_as_req(krb5_kdc_req *request, kr @@ -371,7 +371,14 @@ process_as_req(krb5_kdc_req *request, kr
goto errout; goto errout;
} }
reply_encpart.nonce = request->nonce; reply_encpart.nonce = request->nonce;
- reply_encpart.key_exp = client.expiration; - reply_encpart.key_exp = client.expiration;
+ if (client.expiration == 0) {
+ reply_encpart.key_exp = client.pw_expiration; + reply_encpart.key_exp = client.pw_expiration;
+ } else if (client.pw_expiration == 0) {
+ reply_encpart.key_exp = client.expiration;
+ } else {
+ reply_encpart.key_exp = client.pw_expiration < client.expiration ?;
+ client.pw_expiration : client.expiration;
+ }
reply_encpart.flags = enc_tkt_reply.flags; reply_encpart.flags = enc_tkt_reply.flags;
reply_encpart.server = ticket_reply.server; reply_encpart.server = ticket_reply.server;